Anybody know about hacked routers?

Comments

  • AndyPix
    AndyPix Posts: 4,847 Forumite
    It's normal to get scanned regularly.
    It's normally from IP addresses in China - these things are automated and are just left set to scan random IP addresses all day.
    In the log, you can see DPT=23 etc. DPT is the destination port and indicates you were scanned to see if you had port 23 open, etc.
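
A way to summarise which destination ports such log entries show being probed, as an added example that is not part of the original thread. It assumes the router writes Linux netfilter-style lines with `SRC=`, `PROTO=` and `DPT=` fields; the sample lines are constructed and use documentation-range addresses, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample lines in netfilter LOG style (not taken from any real router).
sample_log() {
cat <<'EOF'
Dec  5 03:12:01 router kernel: DROP IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=40 TTL=48 PROTO=TCP SPT=51234 DPT=23 SYN
Dec  5 03:12:09 router kernel: DROP IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=40 TTL=48 PROTO=TCP SPT=51240 DPT=2323 SYN
Dec  5 04:40:33 router kernel: DROP IN=ppp0 OUT= SRC=192.0.2.99 DST=198.51.100.20 LEN=40 TTL=51 PROTO=TCP SPT=40110 DPT=23 SYN
Dec  5 05:02:47 router kernel: DROP IN=ppp0 OUT= SRC=192.0.2.14 DST=198.51.100.20 LEN=60 TTL=50 PROTO=UDP SPT=5060 DPT=53
Dec  5 05:03:00 router kernel: link up on ppp0
EOF
}

# Reads log lines on stdin and prints "hits proto/port distinct_sources",
# busiest destination port first. Lines without SRC= and DPT= are ignored.
summarise_probes() {
  awk '
    {
      src = proto = dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)   src   = substr($i, 5)
        if ($i ~ /^PROTO=/) proto = substr($i, 7)
        if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      if (src == "" || dpt == "") next        # not a packet log line
      key = proto "/" dpt
      hits[key]++
      # count each source address once per destination port
      if (!((key, src) in seen)) { seen[key, src] = 1; srcs[key]++ }
    }
    END { for (k in hits) print hits[k], k, srcs[k] }
  ' | sort -k1,1nr -k2,2
}

sample_log | summarise_probes
```

Many hits on one port from many different sources is the pattern of automated internet-wide scanning described above, rather than one party targeting the connection.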
  • AndyPix wrote: »
    It's normal to get scanned regularly.
    It's normally from IP addresses in China - these things are automated and are just left set to scan random IP addresses all day.
    In the log, you can see DPT=23 etc. DPT is the destination port and indicates you were scanned to see if you had port 23 open, etc.


    Many routers were made or have components that were made in China. My TalkTalk router logs show security alert logs on a daily basis that trace to China. I'm not paranoid enough to believe they would but it's certainly possible they could insert backdoors into their tech. I've blocked many of the IP addresses but new ones always seem to crop up.

    As far as other security goes I second the 'WPS turn-off' suggested above and a further step I always take is changing the router/net IP. Whether it helps a great deal I do not know but it's a habit that surely can't do any harm.
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Kendall80 wrote: »
    and a further step I always take is changing the router/net IP. Whether it helps a great deal I do not know but it's a habit that surely can't do any harm.

    This won't make any difference whatsoever, because the person scanning you is hitting your WAN IP (out facing IP) that you have no control over.
    And if they do manage to hack your router, then they will be able to see in plain sight what your internal IP is!!

    Then they can just NMAP your whole network!!

    B@stards
  • grumpycrab
    grumpycrab Posts: 5,031 Forumite
    edited 5 December 2015 at 6:15PM
    Summary: new router (Netgear D1500) put in; it's "leaking data" at a rate of about 5-10MB/hour with:
    1. wifi OFF
    2. desktop computer connected by ethernet but powered OFF (ethernet port is shown as active on the router)

    I now have access to the ISP ADSL usage. Very odd. It's almost as if the router (make irrelevant) is being used as a relay on the Internet (ISP is Newnet). I guess I now have to raise the issue with them. 5MB isn't a great deal and if the company didn't use a capped connection (10GB/month) I don't think anybody would have noticed.

    EDIT: the debugging onsite is very limited. The new router doesn't appear to have a logging capability. The only clue is that the "Internet LED" flashes green when wifi is off and all ethernet cables are unplugged. The manual says this means "Internet data is being transmitted."
  • Lorian
    Lorian Posts: 6,323 Forumite
    edited 5 December 2015 at 6:59PM
    Go to advanced->administration->attached devices on the router's web interface. You should just see your PC.
    Also you might want to run Shieldsup! at www.grc.com to see what ports you have open to the internet.
  • grumpycrab
    grumpycrab Posts: 5,031 Forumite
    edited 7 December 2015 at 6:46PM
    Lorian wrote: »
    Go to advanced->administration->attached devices on the router's web interface. You should just see your PC.
    With WiFi off in a locked room the router is being used as a relay (somehow). When I've been on site I've never seen any unexpected clients. Will try ShieldsUP! next time I'm there.
    PS 50MB used in last 6 hours.

    EDIT: the ISP (Newnet) has asked if the router has "built in packet capture"? I think he's winding me up.
  • grumpycrab
    grumpycrab Posts: 5,031 Forumite
    edited 14 December 2015 at 10:31AM
    I've got to the stage where I'm 99% sure the "leaked" traffic is coming through the Newnet network (have put a new router in, turned wifi off, locked computer in a room and used a broadband traffic monitor to prove that computer traffic is minimal.) And, finally, turned computer off. The leakage amount varies but is averaging about 200MB per day.

    The ISP is getting round to what I'm telling them but it's been an effort. The last they said to me was "Create a firewall rule on the input chain to DROP port 53 TCP and 53 UDP on traffic incoming on the WAN interface, then re-test for 24 hours, this should tell us if it's due to DNS requests, and if it is then we'll either need to find the source or change your external IP."

    Of course the new router we got was a cheap and cheerful Netgear that doesn't let you configure individual ports. More effort...
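
The ISP's 24-hour test quoted in the post above, written out for a Linux router that uses iptables, as an added example that is not part of the thread or the ISP's own instructions. The interface name `ppp0`, the function names and the counter sample are assumptions constructed for illustration.

```shell
#!/bin/sh
WAN_IF="${WAN_IF:-ppp0}"   # assumption: name of the WAN-facing interface

# The rule the ISP describes, in iptables form: drop DNS (TCP and UDP port 53)
# arriving on the WAN interface. Needs root on the router, so it is defined
# here but not called.
apply_dns_drop() {
  iptables -I INPUT -i "$WAN_IF" -p udp --dport 53 -j DROP
  iptables -I INPUT -i "$WAN_IF" -p tcp --dport 53 -j DROP
}

# Constructed sample of `iptables -L INPUT -v -n -x` output after a test period.
sample_counters() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 1234 packets, 98765 bytes)
    pkts      bytes target     prot opt in     out     source               destination
  412345 28864150 DROP       udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
      12      720 DROP       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    9876  1234567 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
EOF
}

# Reads the rule listing on stdin and prints "packets bytes" summed over the
# DROP rules for destination port 53 on the given inbound interface.
dns_drop_totals() {
  awk -v iface="$1" '
    $3 == "DROP" && $6 == iface && $NF == "dpt:53" { pkts += $1; bytes += $2 }
    END { printf "%d %d\n", pkts, bytes }
  '
}

# On a live router: iptables -L INPUT -v -n -x | dns_drop_totals "$WAN_IF"
sample_counters | dns_drop_totals "$WAN_IF"
```

Comparing the byte total after 24 hours with the ISP's usage figure for the same period shows how much of the unexplained traffic is inbound DNS.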
  • usefulmale
    usefulmale Posts: 2,627 Forumite
    wongataa wrote: »
    I have personally seen connection speeds rise when a router was left on all the time instead of being switched off at night. It can happen.

    Conversely, since we moved to this house, the longer I leave the router on for, the thicker the treacle becomes for the data to wade through, until it gives up altogether. I switch the router off, once or twice a week, and the speed increase is very noticeable upon power-on.
  • bod1467
    bod1467 Posts: 15,214 Forumite
    That sounds more like the routing table is filling up, and a reboot clears it.
  • Gloomendoom
    Gloomendoom Posts: 16,551 Forumite
    My sister-in-law recently had the same problem as the OP, except that it was 30GB a day. They went through the "router must have been hacked" scenario. Changed passwords and routers to no avail. It turned out to be the family's iPhones, pads, Macs etc. constantly updating their cloud photo albums.
This discussion has been closed.